command to calculate the total length of packets of a libpcap formatted file (removes 20-byte packet overhead)

/*
attributed author: alex medvedev <alexm () pycckue org>
http://seclists.org/tcpdump/2004/q1/266
to compile on OS X Mavericks:
cc pcap_len.c -lpcap -o pcap_len
to use
sudo tcpdump -w /tmp/tcpdump.out
^C
./pcap_len /tmp/tcpdump.out
*/
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <pcap.h>
 
 
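/* Handle for the capture file being read; opened and closed in main(). */
pcap_t *pd;
/* Receives the error text from pcap_open_offline() on failure. */
char errbuf[PCAP_ERRBUF_SIZE];
/*
 * Running totals over the capture file.  These are unsigned 64-bit counters
 * because the per-packet length is a 32-bit value taken from the file: with
 * plain int totals a capture over 2 GiB (or a file with inflated length
 * fields) would trigger signed overflow, which is undefined behaviour.
 */
unsigned long long total_packets = 0;
unsigned long long total_length = 0;

/* Set by the SIGINT handler, consumed by countit() on the next packet. */
static volatile sig_atomic_t report_requested = 0;

/* Print the current totals in the tool's one-line report format. */
static void
print_totals(void)
{
    printf("total len = %llu, total packets = %llu\n", total_length,
           total_packets);
}

/*
 * pcap_loop() callback: account for one packet.
 *
 * user - opaque pointer passed through pcap_loop(); unused.
 * h    - per-packet header; h->len is the packet's length on the wire as
 *        recorded in the file (it can exceed the captured bytes, caplen).
 * sp   - packet bytes; unused, only the recorded length is summed.
 *
 * No per-packet overhead is subtracted here; the total is the plain sum of
 * the recorded lengths.
 */
void
countit(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
    (void)user;
    (void)sp;

    total_length += h->len;
    total_packets++;

    /* A progress report was requested with ^C; print it outside the handler. */
    if (report_requested) {
        report_requested = 0;
        print_totals();
    }
}

/*
 * SIGINT handler: request a progress report.
 *
 * printf() is not async-signal-safe and the totals are not atomic, so the
 * handler only raises a flag; countit() prints on the next packet.
 */
void
sig(int signo)
{
    (void)signo;
    report_requested = 1;
}

/*
 * Sum the recorded packet lengths of the libpcap savefile named in argv[1].
 *
 * Returns 0 when the whole file was read, 1 when the file could not be
 * opened or reading stopped on an error (the totals printed are then
 * partial), and 2 on a usage error.
 */
int
main(int argc, char *argv[])
{
    int count;
    int linktype;
    int rc = 0;
    const char *linkname;

    /* Without this check a missing argument passes NULL to libpcap. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <capture-file>\n",
                argc > 0 ? argv[0] : "pcap_len");
        return 2;
    }

    (void)signal(SIGINT, sig);

    pd = pcap_open_offline(argv[1], errbuf);
    if (!pd) {
        fprintf(stderr, "%s\n", errbuf);
        exit(1);
    }

    /* The link type comes from the file header and may be unknown to libpcap,
       in which case the name lookup returns NULL. */
    linktype = pcap_datalink(pd);
    linkname = pcap_datalink_val_to_name(linktype);
    printf("linktype %s\n", linkname ? linkname : "unknown");

    /* -1: keep reading until the end of the file or an error. */
    count = pcap_loop(pd, -1, countit, 0);
    if (count < 0) {
        /* Truncated or malformed capture: report it and flag the totals
           below as incomplete through the exit status. */
        fprintf(stderr, "%s\n", pcap_geterr(pd));
        rc = 1;
    }

    print_totals();

    pcap_close(pd);
    return rc;
}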